Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-5176

Some enhancement to password change.

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • Trunk
    • Trunk
    • framework
    • None

    Description

      1. Make "password must be different from last passwords" function work. (--// FIXME: switching to salt-based hashing breaks this history lookup below)
      2. When there's error occurs, return "requirePasswordChange" instead of "error". Then, "password change" form will not be redirected to "login" form if there's any kind of "error".
      3. Fix one "deprecated" findByAnd call.
      4. Return the "error" message instead of "event" message when password expires.

      Attachments

        1. OFBIZ-5176_revertLine455.patch
          0.9 kB
          Leon
        2. OFBIZ-5176_SecurityextUiLabels.patch
          2 kB
          Leon
        3. OFBIZ-5176.patch
          8 kB
          Leon

        Issue Links

          relates to

          Sub-task - The sub-task of the issue OFBIZ-12873 [SECURITY: CVE-2023-51467] Replaced direct null checks on username, password, and token with UtilValidate.isEmpty() method calls for consistency.

          • Major - Major loss of function.
          • Closed

          Activity

            People

              jleroux Jacques Le Roux
              utcb Leon
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: